  1. Red Hat Process Automation Manager
  2. RHPAM-1422

Roles are not configured properly when using LDAP in Openshift


    • 2018 Week 30-32

      LDAP authentication in OpenShift images does not work correctly. It is possible to use LDAP to authenticate users, but users do not have proper roles. It seems that roles are still imported from "application-roles.properties".

      I have configured LDAP users as follows:
      dn: uid=admin,ou=people,dc=example,dc=com
      objectclass: top
      objectclass: uidObject
      objectclass: person
      objectclass: inetOrgPerson
      uid: admin
      cn: admin
      sn: admin
      userpassword: admin

      And groups as follows:
      dn: cn=admin,ou=roles,dc=example,dc=com
      objectclass: groupOfNames
      objectClass: top
      cn: admin
      description: Admin group
      ou: admins@example.com
      member: uid=admin,ou=people,dc=example,dc=com
      member: uid=adminUser,ou=people,dc=example,dc=com
      member: uid=Administrator,ou=people,dc=example,dc=com

      The following command was used to deploy the application:
      oc new-app rhpam70-authoring \
        -p BUSINESS_CENTRAL_HTTPS_SECRET=secret1 \
        -p KIE_SERVER_HTTPS_SECRET=secret1 \
        -p IMAGE_STREAM_NAMESPACE=jpetrlik-test5 \
        -p KIE_SERVER_CONTROLLER_PWD=controllerUser \
        -p KIE_ADMIN_PWD=adminUser \
        -p KIE_SERVER_PWD=executionUser \
        -p AUTH_LDAP_URL=ldap://<url> \
        -p AUTH_LDAP_BIND_DN="cn=Manager,dc=example,dc=com" \
        -p AUTH_LDAP_BIND_CREDENTIAL=admin \
        -p AUTH_LDAP_BASE_CTX_DN="ou=people,dc=example,dc=com" \
        -p AUTH_LDAP_BASE_FILTER="(uid={0})" \
        -p AUTH_LDAP_SEARCH_SCOPE="SUBTREE_SCOPE" \
        -p AUTH_LDAP_ROLES_CTX_DN="ou=roles,dc=example,dc=com" \
        -p AUTH_LDAP_ROLE_FILTER="(member={1})" \
        -p AUTH_LDAP_ROLE_ATTRIBUTE_ID="cn"

      I'm able to provide access to QE LDAP for further investigation if necessary.

        1. bpms.ldif
          1 kB
          Filippe Spolti
        2. standalone-full.xml
          35 kB
          Filippe Spolti

            rhn-support-fspolti Filippe Spolti
            jpetrlik@redhat.com Jiri Petrlik
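
Added example, not part of the original report or of the product's code: an offline evaluation of the role lookup that the reported parameters describe, run against the report's LDIF, to show which roles LDAP should yield for a user. It assumes the AUTH_LDAP_* parameters follow JBoss LdapExtended semantics ({0} is the login name, {1} is the DN of the user entry found by the base filter); the "guest" entry and all function names are constructed for illustration.

```python
import re

# User and group entries from the report (trimmed to the attributes used).
# The "guest" entry is constructed here to show a user that matches no group.
LDIF = """\
dn: uid=admin,ou=people,dc=example,dc=com
uid: admin

dn: uid=guest,ou=people,dc=example,dc=com
uid: guest

dn: cn=admin,ou=roles,dc=example,dc=com
cn: admin
member: uid=admin,ou=people,dc=example,dc=com
member: uid=adminUser,ou=people,dc=example,dc=com
member: uid=Administrator,ou=people,dc=example,dc=com
"""

# Values of the AUTH_LDAP_* parameters from the report's oc new-app command.
CFG = {"BASE_CTX_DN": "ou=people,dc=example,dc=com", "BASE_FILTER": "(uid={0})",
       "ROLES_CTX_DN": "ou=roles,dc=example,dc=com",
       "ROLE_FILTER": "(member={1})", "ROLE_ATTRIBUTE_ID": "cn"}

def parse_ldif(text):
    """Parse blank-line separated LDIF entries into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def search(entries, base_dn, flt):
    """Subtree search supporting only a single (attr=value) equality filter."""
    attr, wanted = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    return [e for e in entries
            if e["dn"][0].lower().endswith(base_dn.lower())
            and wanted.lower() in (v.lower() for v in e.get(attr.lower(), []))]

def resolve_roles(username, entries=None, cfg=CFG):
    """Return the sorted role names for username, or None if the user is not found."""
    entries = parse_ldif(LDIF) if entries is None else entries
    users = search(entries, cfg["BASE_CTX_DN"], cfg["BASE_FILTER"].replace("{0}", username))
    if len(users) != 1:
        return None  # unknown or ambiguous login name: authentication would fail
    flt = cfg["ROLE_FILTER"].replace("{0}", username).replace("{1}", users[0]["dn"][0])
    groups = search(entries, cfg["ROLES_CTX_DN"], flt)
    return sorted({r for g in groups for r in g.get(cfg["ROLE_ATTRIBUTE_ID"], [])})
```

Comparing this expected set with the roles the deployed application actually assigns to the same user separates a directory or filter problem from roles coming from another source.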